Available for engagements

Mahdi
Alabdallah

Penetration Tester/Offensive Security Engineer

I find the security gaps in your business before someone with bad intentions does. I test web applications, networks, cloud, and Active Directory, then deliver a clear report your leadership and your engineers can both act on. Remote, worldwide, and professional from the first call to the final fix.

OSCP+eCPPTeWPTeCIRAZ-500SC-200SC-300
Open to work base Amman · GMT+3 exp 6+ yrs cyber Verified by
Profile

Attacker's instinct, defender's discipline

MAMahdi Alabdallah, freelance penetration tester
Amman, Jordan · GMT+3

I have spent 6+ years in cybersecurity, the last two focused entirely on offensive work, finding the paths attackers use before they do.

I run web application, network, and Active Directory penetration tests for clients across the UK, Europe, and the Middle East. Whether it is a single web app or a full corporate network, I find the weak points, prove the real impact safely, and show your team exactly how to close them.

Before offensive security I worked as a Detection Engineer and CTI analyst, writing the rules meant to catch people like me. That background is my edge: I know how alerts fire, so I test the way a real intruder would, and my reports speak to the blue team, not past them.

I am also a published security researcher on phishing tradecraft and trusted-infrastructure abuse, and I hold OSCP+, eCPPT, eWPT, eCIR and three Microsoft security certifications. My university background is in Network Engineering and Security, so the infrastructure I test is infrastructure I understand from the ground up.

Capabilities

A full offensive skill set

I test the whole picture: web applications, networks, identity, and cloud. Then I report it so your leadership and your engineers both know exactly what to fix. A background in detection engineering means I test the way real attackers move, not just run a scanner.

Web Application Testing
OWASP Top 10Auth & access controlInjectionBusiness logicAPIsBurp Suite
Network Penetration Testing
Internal & externalSegmentationMisconfigurationNmapMetasploitNetExec
Active Directory & Identity
Attack-path mappingKerberosPrivilege escalationBloodHoundImpacket
Cloud Security (Azure)
Entra IDAzure RBACAZ-500Defender for Cloud
Threat Detection & Response
Microsoft SentinelKQLMITRE ATT&CKThreat hunting
Reporting & Advisory
Executive summaryCVSS scoringRemediation roadmapDebrief
Engagements

How I can help

Remote work for clients worldwide. Every engagement is scoped in writing with a fixed price and timeline before it starts.

Core 01 / testing

Penetration Testing

Full-scope internal and external network assessments, Active Directory attack-path analysis, and web application testing for enterprise clients.

  • Active Directory: ADCS, Kerberos, ACL chains
  • Web: OWASP Top 10, auth bypass, logic flaws
  • Network segmentation validation
  • Executive plus technical report
Request a quote →
02 / reporting

Pentest Report Writing

Turn raw findings into a polished, client-ready report. Executive summaries, risk-rated findings, and remediation your engineers can act on.

  • Executive and technical sections
  • CVSS-scored findings
  • Step-by-step evidence
  • Prioritised remediation roadmap
Get in touch →
03 / mentoring

OSCP Coaching

One-to-one mentorship for OSCP candidates from someone who passed OSCP+ and does this work for a living. I know what the exam expects.

  • Active Directory attack paths
  • Web exploitation and privesc
  • Exam strategy and time management
  • Report writing for the exam
Book a session →
04 / advisory

Security Consulting

On-demand offensive security expertise for startups and SMEs who need senior guidance without a full-time hire.

  • Security posture and gap review
  • Vulnerability assessment advisory
  • Awareness and training sessions
  • Ad-hoc incident support
Get in touch →
05 / detection

Detection Engineering

Custom detection rules in Microsoft Sentinel using KQL, mapped to MITRE ATT&CK, plus threat hunting and advisory writing.

  • KQL detection rule development
  • Threat hunting hypotheses
  • ATT&CK coverage mapping
  • Threat intelligence reporting
Get in touch →
Engagement flow

From first call to final report

No surprises, no hidden costs. You know the scope, the price, and the timeline before anything begins.

STEP 01

Scoping call

A free 30-minute call to understand your environment, goals, and any compliance drivers. No commitment.

STEP 02

Written proposal

A clear scope, timeline, and fixed price within 24 hours. You know the exact cost upfront.

STEP 03

Testing

The assessment runs remotely with minimal disruption and progress updates throughout. Never left in the dark.

STEP 04

Report and debrief

A professional report with executive summary, CVSS-rated findings, evidence, and a remediation roadmap, walked through with your team.

Credentials

Eight certifications, all verifiable

Every credential links to its official verification page. View the full credential wallet →

Published research

Work the industry cites

Research on phishing tradecraft, trusted-infrastructure abuse, and the techniques attackers actually use in the wild.

Before you hire

Questions clients ask

It depends on scope and environment size. Web application tests typically start from $500. Full internal network and Active Directory assessments start from $1,500. Every engagement gets a free scoping call and a fixed-price proposal with no hidden fees.

Yes, 100% remote. I work with clients in the UK, Europe, the Middle East, and worldwide. My time zone is GMT+3 and I adjust hours to match yours.

A web application test is typically 3 to 5 business days. A full internal network and Active Directory assessment is 5 to 10 days depending on scope. Every proposal states a precise timeline before work begins.

A professional PDF with two audiences in mind: an executive summary in plain language for management, and a full technical section for your engineers with CVSS-rated findings, screenshots as evidence, and a prioritised remediation roadmap.

Always. Every engagement starts with a mutual NDA and a signed rules-of-engagement document defining scope, timeline, and legal authorisation. Your legal protection comes first.

An assessment of your Windows domain for real attack paths: ADCS misconfigurations (ESC1 to ESC8), Kerberoasting, Pass-the-Hash, ACL abuse, and lateral movement. Most corporate breaches go through Active Directory, so this test finds those paths before attackers do.

Résumé

The full background

Read the complete professional history, or take it with you.

Get in touch

Let's talk about your project

Available for remote freelance engagements. I reply within 24 hours.

Tell me what you need

A penetration test, a report written, OSCP coaching, or a translation. Send a short note and I will come back with a clear scope and timeline.

Available for remote work · GMT+3 · Jordan
I reply within 24 hours.